From 83f3ca3ec89593c211834d159f97659257d05d6b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20Kr=C3=B6ning?=
 <martin.kroening@eonerc.rwth-aachen.de>
Date: Thu, 30 May 2024 16:51:32 +0200
Subject: [PATCH] fix(virtqueue): `next_off` must not be shifted
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Martin Kröning <martin.kroening@eonerc.rwth-aachen.de>
---
 src/drivers/virtio/virtqueue/packed.rs | 9 +++------
 src/drivers/virtio/virtqueue/split.rs  | 3 +--
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/src/drivers/virtio/virtqueue/packed.rs b/src/drivers/virtio/virtqueue/packed.rs
index 4273f60e88..3952af7a77 100644
--- a/src/drivers/virtio/virtqueue/packed.rs
+++ b/src/drivers/virtio/virtqueue/packed.rs
@@ -971,8 +971,7 @@ impl Virtq for PackedVq {
 		if self.dev_event.is_notif() | self.dev_event.is_notif_specfic(next_off, next_wrap) {
 			let index = self.index.0.to_le_bytes();
 			let mut index = index.iter();
-			// Even on 64bit systems this is fine, as we have a queue_size < 2^15!
-			let det_notif_data: u16 = (next_off as u16) >> 1;
+			let det_notif_data: u16 = (next_off as u16) & !(1 << 15);
 			let flags = (det_notif_data | (u16::from(next_wrap) << 15)).to_le_bytes();
 			let mut flags = flags.iter();
 			let mut notif_data: [u8; 4] = [0, 0, 0, 0];
@@ -1014,8 +1013,7 @@ impl Virtq for PackedVq {
 		if self.dev_event.is_notif() {
 			let index = self.index.0.to_le_bytes();
 			let mut index = index.iter();
-			// Even on 64bit systems this is fine, as we have a queue_size < 2^15!
-			let det_notif_data: u16 = (next_off as u16) >> 1;
+			let det_notif_data: u16 = (next_off as u16) & !(1 << 15);
 			let flags = (det_notif_data | (u16::from(next_wrap) << 15)).to_le_bytes();
 			let mut flags = flags.iter();
 			let mut notif_data: [u8; 4] = [0, 0, 0, 0];
@@ -1044,8 +1042,7 @@ impl Virtq for PackedVq {
 		if self.dev_event.is_notif() {
 			let index = self.index.0.to_le_bytes();
 			let mut index = index.iter();
-			// Even on 64bit systems this is fine, as we have a queue_size < 2^15!
-			let det_notif_data: u16 = (next_off as u16) >> 1;
+			let det_notif_data: u16 = (next_off as u16) & !(1 << 15);
 			let flags = (det_notif_data | (u16::from(next_wrap) << 15)).to_le_bytes();
 			let mut flags = flags.iter();
 			let mut notif_data: [u8; 4] = [0, 0, 0, 0];
diff --git a/src/drivers/virtio/virtqueue/split.rs b/src/drivers/virtio/virtqueue/split.rs
index 80a0a11648..02aa2c5e92 100644
--- a/src/drivers/virtio/virtqueue/split.rs
+++ b/src/drivers/virtio/virtqueue/split.rs
@@ -380,8 +380,7 @@ impl Virtq for SplitVq {
 		if self.ring.borrow().dev_is_notif() {
 			let index = self.index.0.to_le_bytes();
 			let mut index = index.iter();
-			// Even on 64bit systems this is fine, as we have a queue_size < 2^15!
-			let det_notif_data: u16 = next_off >> 1;
+			let det_notif_data: u16 = next_off & !(1 << 15);
 			let flags = (det_notif_data | (next_wrap << 15)).to_le_bytes();
 			let mut flags = flags.iter();
 			let mut notif_data: [u8; 4] = [0, 0, 0, 0];